This invention is in the field of data security. Embodiments are more specifically directed to the authentication of networked devices for secure communications.
Security of data communications is a significant issue in virtually every type of interconnected and networked system of electronic devices, ranging from large-scale systems such as supercomputers to small-scale systems such as the sensors and actuators envisioned for deployment in the “Internet of Things” (IoT). Indeed, small-scale and highly distributed IoT devices are expected to be implemented in increasing numbers over a wide range of services and applications, including health, education, resource management, and the like. Unfortunately, these small-scale systems can be particularly vulnerable to attack and compromise.
This increased vulnerability of sensors, actuators, and other IoT networked devices is due in large part to constraints on the computational capacity of these devices that are enforced to minimize device and system cost and also minimize power consumption, considering that many sensors, actuators, and other IoT networked devices will be remotely powered, whether by way of long life batteries, solar cells at the device, or from wireless communication signals. However, the complex computations involved in authentication of communications and other security functions such as encryption and decryption can be quite demanding on processor performance, especially at the level of security required of networks deployed in public places or that are managing critical operations. Deployment of networked devices in the IoT thus must address the competing needs of adequate security, on one hand, and low device cost and power consumption, on the other.
By way of further background, various approaches are known in the field of digital data cryptography, such as may be used for data communications, data storage and retrieval, and other applications. In general, the field of cryptography encompasses data encryption and decryption, digital authentication of digital data (e.g., sign/verify schemes), and the like. Public key cryptography, also referred to as asymmetric cryptography, is one common type. According to this approach, a public-private pair of “keys”, each key being a block of data or information, is generated according to a particular algorithm. The public and private keys have an inverse relationship with one another based on a generator polynomial, such that the transmitting node secures the communication using one of the keys in the pair, and the receiving node decrypts or verifies the communication using the other key. More specifically, in the data encryption context, a block of data that is encrypted using the public key can be decrypted using the private key or vice versa; in the authentication context, a digital signature generated using the private key can be verified using the public key. The public and private keys are related to one another via a difficult mathematical problem (commonly referred to as a “trap-door function”), so that it is computationally difficult to determine a private key from knowledge of its corresponding known public key. For example, elliptic curve cryptography (“ECC”) is a known type of public key cryptography in which the relationship of the public and private keys is based on the algebraic structure of elliptic curves over finite fields. In any case, public key cryptography allows the public key of a pair to be freely communicated, for example sent in an unsecured communication or listed in a public registry, without realistic risk that the private key can be calculated by an attacker.
The public/private key approach is often favored because the private key can be kept secret by its owner, as opposed to symmetric key approaches in which both parties must share the same encryption key. On the other hand, symmetric key cryptography is much less computationally intensive.
As is well known in the art, the level of security provided by a particular public key scheme corresponds generally to the length of the keys; longer key lengths increase the difficulty of deriving the private key from the public key. Conventional bit lengths for both public and private keys under cryptography algorithms such as “DH”, “DSA”, and “RSA” range from on the order of 1024 bits to 15360 bits. While the level of security increases with longer keys, so does the computational capacity required to encrypt and decrypt communications.
Several conventional techniques for implementing authentication protocols in devices with limited computational capacity, such as remote nodes in wireless networks, include various methods within an authentication framework known in the art as Extensible Authentication Protocol (EAP). According to the EAP framework, the remote node requests connection to a wireless network through an access point, which in turn requests identification data from the remote node and then transmits those identification data to an authentication server in the network. In response, the authentication server asks the access point for some proof that the identification data for the node are valid, for example by way of an authentication certificate provided by the node. Upon its receipt of this assurance of validity, the authentication server authorizes the node to be connected to the network. Conventional EAP methods that are applied to resource-limited devices utilize a symmetric key that is pre-shared by the node and the authentication server, as the computations required for symmetric key cryptography are less complex and less demanding of computational resources as noted above. Another example of a conventional approach is the communication protocol described in Park et al., “A Lightweight IPsec Adaptation for Small Devices in IP-based Mobile Networks”, 8th International Conference on Advanced Communication Technology (IEEE, 2006), pp. 298-302, in which the number of public/private key operations by a resource-limited device is minimized to improve the overall performance of the protocol.
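The conventional pre-shared symmetric key exchange described above, sketched as an added example that is not part of the original text and not an implementation of any specific EAP method: the access point relays, the authentication server challenges, and the node proves knowledge of the key. The HMAC-SHA-256 challenge-response, the class and function names, and the sample identity and key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: node identity and the symmetric key pre-shared
# with the authentication server (both are illustrative assumptions).
PSK_DB = {"sensor-17": bytes.fromhex("00112233445566778899aabbccddeeff")}


class AuthServer:
    """Holds the pre-shared keys and decides whether a node may connect."""

    def __init__(self, psk_db):
        self._psk_db = psk_db
        self._pending = {}  # identity -> outstanding challenge nonce

    def challenge(self, identity):
        # Fresh random nonce per attempt so a recorded proof cannot be replayed.
        nonce = secrets.token_bytes(16)
        self._pending[identity] = nonce
        return nonce

    def verify(self, identity, proof):
        nonce = self._pending.pop(identity, None)  # each challenge is single-use
        key = self._psk_db.get(identity)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, identity.encode() + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)  # constant-time comparison


class Node:
    """Resource-limited device: one HMAC per authentication, no public-key math."""

    def __init__(self, identity, key):
        self.identity, self._key = identity, key

    def prove(self, nonce):
        return hmac.new(self._key, self.identity.encode() + nonce, hashlib.sha256).digest()


def access_point_connect(node, server):
    """Access point relays identity, challenge and proof; it never holds the key."""
    nonce = server.challenge(node.identity)
    proof = node.prove(nonce)
    return server.verify(node.identity, proof), nonce, proof
```

The trade-off noted in the text is visible here: the node's cost is a single hash-based MAC, but the authentication server must store every node's secret key, so the server's key database becomes the asset to protect.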